The latest elgg version features a new security layer to keep your site always protected, which is the ability to change your site secret key. In this article I will give you a step by step guide on how to regenerate your elgg site secret key
1. Log into elgg as an Administrator, and go to the Administration Dashboard.
2. Go to menu “Configure -> Settings -> Site Secret“:
3. Now, click on Regenerate Site Secret to regenerate the secret key of the security tokens:
4. You will receive a warning before regenerating. Click yes to regenerate:
5. And that’s it! The site will have a new key in place:
This secret key that the security tokens use gives elgg protection against CSRF attacks, because the tokens are use in all forms, for any plugin. Regenerating it provides better security for your site, and it is recommended to do it once every 6 months.
This concludes Regenerate Elgg Site Secret Key